Editorial

Gunther Feuereisen 
Gunther.Feuereisen@auug.org.au 


It’s conference time! You should all be reading this during, or just 
after the Winter Conference. A special thanks to all of our sponsors for 
their support of AUUG and our yearly conference. 

It’s been a busy couple of months: the Microsoft Trial, the ever 
increasing momentum in the use of Open Source and the rise and rise 
of the popularity of free OSes. 

Linux seems to be soaring. For those of you who are new to Linux and 
live in Adelaide, LinuxSA and AUUG are hosting the LinuxSA 
Installfest in mid-July. Check out pp10-11 or the website
www.linuxsa.org.au/meetings/installfest2000 for more details. 

The popularity of UNIX-like Operating Systems just seems to grow and 
grow. I remember reading an article in 1993 when NT 3.1 was 
released, the cover of the magazine proclaimed that “UNIX is dead!” 

Look around you. It’s Y2K; UNIX is everywhere! Between the 
established vendors (Sun, SCO, Compaq, HP, IBM, SGI etc.), the free 
BSDs, the Linuxes .. and Microsoft facing an anti-trust ruling which 
will divide them into two, you’d have to wonder - for an OS that is 
supposed to be dead, UNIX is making a lot of noise. 

Maybe Ken and Dennis knew something the world didn’t? ;-) 

See you next time. 




Thanks to our 
Sponsors: 



AUREMA 
President’s Column

David Purdue 

David.Purdue@auug.org.au 


growing pains n.pl 1 early difficulties in the 
development of a project etc. 2 neuralgic 
pain in children’s legs due to fatigue etc. 

- The Pocket Oxford Dictionary 

It would appear that Linux has hit the big time. 
As we are all aware, it is being deployed ever 
more widely and on a greater variety of systems. 
Hands up if you have a Linux box of some kind 
in your work place!

In the press the stories we are seeing are less 
hype and more real solutions to business 
problems and technical challenges. Several 
large hardware vendors seem to have bet the 
farm on Linux’s long-term success, and how 
many Linux-based company floats have we seen 
in the last year? 

One thing this success has led to is a plethora
of Linux “distributions” - different packaging of 
the Linux kernel with utility and other software. 
A quick (and I mean quick) search of the net 
showed up at least 50 different Linux 
distributions. 

Each of these distributions is a little different. 
They have to be to justify their existence in a 
particular niche. Some exist to provide 
commercial grade support. Some have a wider 
set of applications bundled with the kernel. 
Some aim to be the easiest to install and 
administrate. Some aim to be the smallest 
operational set. Some address particular 
hardware platforms. Some exist just so that the 
developers can reap some reward for the work 
they are putting in to Linux development. 

Is this a bad thing? Not at all. The abundance 
of distributions means there are people who are 
working on different areas of the O/S 
technology, experimenting with different ways to 
take Linux forward. And since the GNU Public 
Licence covers pretty much all the distributions, 
a good idea developed in one distribution can 
rapidly be adopted by the others. Specialist 
needs are catered for, but innovation for the 
whole of Linux is encouraged. 

Not that this is without problems. It should be 
noted that in today’s commercial world, 
computers exist because of the applications run 
on them and not the other way around. As 
noted above, all the Linux distributions differ 
from each other to a greater or lesser extent - if 
they did not there would be no point to their 
existence. And although all the distributions are 
based on the same Linux kernel, these 
differences can affect applications, since they 
affect how applications are installed, file systems 
layouts, what operating system facilities can be 
assumed to exist, and even the API’s available. 
This creates difficulties for software vendors
(ISV’s), who do not have a single target to port
to.

I should hope that a number of AUUG members 
should be experiencing deja vu at this point. 
Surely this is the same difficulty faced by UNIX 
programmers and the multiple, subtly different 
environments offered by different vendors and 
their versions of UNIX. 

I think history has shown that there are two
approaches to this problem. 

One is the monopoly - this is the Windows NT 
model. When all the world is running one 
operating system from one vendor then it is 
really easy for ISV’s to choose a target to port to. 
However, as has been found by Judge Thomas 
Jackson, this stifles innovation, and the 
consumer suffers. 

The other approach is to adopt standards, so 
that an application can rely on certain operating 
systems features, installation procedures and 
API’s to be present. Standards should be well 
understood, widely available and easily 
obtained. Does this not also stifle innovation? 
Maybe to some extent, but there is still room to 
come up with better implementations that 
adhere to the standard, and for niche operating 
systems that cater to particular needs. 
Effectively there is just a single platform to port 
to, as far as ISV’s are concerned. 

I hope the Linux community will learn a lesson 
from UNIX history and embrace open standards.

Linux standards efforts are just one topic that is 
to be discussed at the upcoming AUUG2K
conference, “Enterprise Security, Enterprise
Linux,” being held in Canberra in June. Check
out http://www.auug.org.au for more details.


Bloat, part deux 

I was going to leave this where it lay after the 
last issue, but I just can’t help it... 

I recently attended the launch of Microsoft 
Windows 2000. 

I think other media have dwelled enough on the 
main anomaly of this presentation: Two months 
ago Windows NT was a stable and reliable 
operating system capable of supporting all your 
mission critical applications. Now that Windows 
2000 is on the market, Microsoft has revealed 
that in their labs Windows NT crashes after 5.2 
days of operation. 

In any case, I saw many other curiosities in this 
presentation. 

I think they got me offside straight away when 
Bill Gates appeared on the large screen and 
said, “Hello Australia and New Zealand!” What’s 
the matter, Bill? Are you so busy you could not 
spend an extra 10 seconds to do another take? 
“Hello Australia!” “Hello New Zealand!” How
long was that? 

I was also annoyed by the folks interviewed from 
Australian companies that have already 
deployed Windows 2000. Most of them had 
American accents, and of the others a lot had 
British accents. Are Australians not suitable for 
senior technology jobs? Or are we just too 
sensible to deploy Windows 2000 before its 
release? 

In any case the main message of this launch, as
seems to be always the way with Microsoft, is 
that bigger is better. And to prove that Windows 
2000 is bigger some amazing numbers were 
flashed on to the big screen. 

For starters, it was revealed that 5000 
programmers worked on the project. If that 
impresses you, then you have not read that 
seminal work on software engineering “The 
Mythical Man-Month” by Frederick P. Brooks. 
He shows that for tasks with complex 
interrelationships, a point is reached where 
adding more people will actually lengthen the
time required or detract from quality of the final
product.

But the statistic that nearly made me fall off my 
chair was that the Windows 2000 developers 
sent themselves 90,000 emails a day. Why do I 
need to know this? I fail to see how this 
information tells me anything about the quality 
of the end product. Let’s see - that is 18 emails
per programmer per day, and let’s assume an
email takes 5 minutes to compose and 5 
minutes to read, then each programmer was 
spending 3 hours a day on email! Could this 
time have been spent more productively, say, on 
testing and debugging? 

Bigger is not better, but even after the tidal wave 
of Linux and the number of NT file and print 
servers that have been replaced with 
Linux/Samba file and print servers Microsoft 
just does not get it. 



Cybersource has been a Professional Services consultancy, 
specialising in the areas of Unix, Windows and TCP/IP since 
1991. Cybersource also offers accredited, professional-grade 
support for Red Hat Linux and other open source (free) software. 
Therefore, the last ‘valid’ reason for not taking advantage of 
great software like Perl, Linux, SAMBA and Apache has just 
disappeared. Organisations can benefit from the robustness, 
flexibility and value of open source software, and know they 
have an experienced team of IT professionals available to 
provide commercial-level support, when needed. 

Contact us for full details. 

Telephone: 03 9642 5997 

URL: http://www.cyber.com.au/ 

Email: info@cyber.com.au 
The Organising Committee of AUUG2K gratefully acknowledges the valuable and generous contribution given
THE ASK Solutions Group

INTERNET APPLICATIONS SUPPORT OPPORTUNITIES 

We are looking for Applications Support Specialists to provide operational support for the ISP 
environment. The role will include supporting application software designed specifically for the networks 
of ISP’s, such as subscriber provisioning, customer care and server availability. Responsibilities will
include certifying new software releases and migrating them clearly into production and configuring the 
network components of specific applications. 

Skills and Experience: 

• Oracle SQL*Plus experience
• Hands-on UNIX System experience
• LAN experience on a NT environment
• Proficient in managing operational activities in a technical environment
• Excellent oral and written communication skills
• Excellent time management skills

UNIX WEB OPPORTUNITIES

We are currently looking for creative people who can conceptualise, design and develop
web-based applications. These persons will also be responsible for programming and
operating the publishing systems. There will also be a need for the testing and debugging of
new systems.

Responsibilities: 

• Developing & deploying web site production tools and systems
• Working on Web-site features
• Working with graphic designers, editors and marketing to specify system requirements
• Supporting systems in production

Skills & Experience:

• 2-3 years web programming experience
• Knowledge of Perl is essential
• Knowledge of any of the following: Unix, HTML, DHTML, CGI, Javascript, C, C++, Netscape, Apache,
SQL, or proxies
• Knowledge of following applications: CGI applications, Dynamic web pages, Perl clients using LWP,
Content Management, and/or Web site automation
• BS in Computer Science or related field

PRESALES IMPLEMENTATION CONSULTANT

The client is a NASDAQ-listed US multinational vendor which specialises in Web-switching, load-balancing
technology, noted as THE Ethernet Web Switching pioneer. Australia is their headquarters for
Asia-Pacific and they are in the midst of growing their presence in the region.

Experience: 

• BS/BA (EE/CS) or equivalent
• 3+ years internetworking experience, routing & switching product experience preferred
• Knowledge of routing & routed protocols, and Intranet solutions for the campus and WAN
• Troubleshooting skills, especially in Unix would be a great advantage
• Strong written and verbal communication skills, good listening and presentation skills

Responsibilities:

• Provide technical and sales support for accounts in assigned territory
• Participate in technical presentations for customers, partners and prospects
• Assist in the development of formal sales proposals
• Set-up and operate equipment for customer demonstrations and evaluations
• Configuration and installation rollout of LAN/WAN switching solutions

For more details, or to apply for any of the above positions, please forward your resume to Suma Wiggins at ASK Solutions, Level 11,
100 Miller Street, North Sydney NSW 2060, Ph (02) 9202 8300 or Fax (02) 9929 0282.
TECHNICAL IMPLEMENTATION CONSULTANT 

The primary purpose of this position is to manage all post-sales issues for Netegrity’s customer base in 
Australia and New Zealand. These issues include evaluation and production installs, informal and formal 
training, project managing technical support queries to US and APAC TACs, and short-term Professional 
Services (consulting) engagements. The long-term growth for this position is in the Professional Services 
area, with longer-term and more complex engagements as the region grows. Possible career development 
into Technical Account Management. 

Objectives: 

• Provide on-site and telephone post-sales (configuration, support & short term professional service 
engagements) 

• Conduct evaluation and production installs of Netegrity’s SiteMinder in the customer environment 

• Conduct formal training classes and informal, hands on training of the customer in the use of 
SiteMinder 

• Assist the customer in SiteMinder policy configuration suitable for their web environment

• Assist the customer with integrating SiteMinder into existing web applications

• Provide post-sales architectural support in the form of short-term engagements, for example LDAP
directory analysis and design suitable for the customer’s environment

Skills: 

• C/C++, HTML, HTTP protocol and Unix (Solaris and/or HP-UX) 

• CGI scripting languages such as, PERL, C/C++, ASP and/or JavaScript 

• Web servers (IIS 4 and/or 5 and/or Netscape Enterprise Server 3.6x and/or 4.x) 

Note: There will be an intensive training program provided, with some training in the United States. 

TECHNICAL SUPPORT ENGINEER 


The world’s largest provider of storage management software solutions seeks Technical Support 
Engineers. This large US Nasdaq listed company prides itself on looking after its employees. It 
does this by providing a great work environment, fantastic career growth opportunity, stock 
options programs and believes their employees should be best paid in the industry. 

Responsibilities:

Provide support to customers of our high availability, operations and fault tolerant products on the UNIX
and Windows NT platforms. These products include:

• A fast recovery, high performance UNIX file system
• An enterprise wide system backup utility
• A logical disk software subsystem providing disk subsystem redundancy and increased performance
through mirroring, striping RAID-5, while still allowing online data management
• A suite of system event, operations and performance monitoring tools
• A system administration graphical user interface for disk and file system management
• A High-availability failover product suite allowing multiple systems to monitor each other and take
over providing services should one fail

• Provide technical insight to customers on the interaction of the products with underlying hardware
and overlayed applications, in order to provide optimal system efficiency
• Assisting development partners in their task of porting the software to other hardware platforms
• Providing verification of new features, products and versions of products being released

Education / Experience Required:

• BS or MS in Computer Science or related major with course work in: Programming in C and/or
C++; Operating systems; Data structures; Network communications; and Storage sub systems
• Work experience or working knowledge of any of the following: UNIX Systems Administration
and/or Operations; Relational database management (Oracle, Sybase, Informix); Network
Administration; I/O and/or Network Performance; and UNIX Shell Programming

Note: All Candidates must have a valid passport. The successful candidates will be sent to the US for a 6-
week training course before they start.

For more details, or to apply for any of the above positions, please forward your resume to Suma Wiggins at ASK Solutions, Level 11,
100 Miller Street, North Sydney NSW 2060, Ph (02) 9202 8300 or Fax (02) 9929 0282.
Review:

IETF Seminars 

David Newall 
davidn@rebel.net.au 


The IETF - The Internet Engineering Task 
Force, who are the people who design the 
internet protocols - are meeting here in 
Adelaide this week. This is a rare occurrence, 
and Glen Turner, who is one of Adelaide's 
network gurus, has organised a real treat for us 
to enjoy. He has asked some of the IETF 
members — who are experts in their fields — to 
present a series of lunchtime seminars. 

* * *


Internet 2 

Presented by E. Paul Love, 

Chair, Internet2 Topology Working Group.

Monday, 27 March 2000, 1pm - 2pm
Horace Lamb lecture theatre 
Horace Lamb Building 
The University of Adelaide 

The first seminar, on the topic of Internet 2, was 
presented by E. Paul Love, who is chair of the 
Internet2 Topology Working Group.

I gained the understanding that Internet2 is a 
high speed, IPv6 based network. The primary 
users are USA academic institutions, although
both private companies and international 
organisations are also connected. The purpose 
of the network is to research high speed 
networks and applications that can benefit from 
them. 

The network is a series of "gigapops" usually 
connected by high speed links. Some isolated 
areas have been (or still are) limited by relatively 
low links; although since apparently "low speed" 
is measured in multi-megabits per second I have 
little sympathy for them! 

Internet 2 exists through the generosity of 
various commercial and governmental gifts, for 
example equipment vendors donate equipment, 
and long distance carriers donate bandwidth. It 
seems that a very few carriers provide most of 
the physical links. [I wonder if it's a good thing 
to have important research infrastructure at the 
mercy of a telco's good will?] 

Latency (the time it takes for data to cross the 
network) is an important issue. In one 
application a tunnelling microscope (I think) 
cannot be controlled from further away than 900 
miles: beyond that distance the commands to 
control it take so long to traverse the network 
that the device can slam into the sample. An 
analogy was made to remote-medicine, with a 
surgeon "holding" a remote scalpel!


Another application that takes advantage of 
Internet 2 is remote control of radio telescopes.
Scientists traditionally have to book time on 
large telescopes, and fly there when their time is 
scheduled. Now they can avoid the expense of 
travel and control the telescope over Internet 2. 

The only negative comment I would make is that 
too much time was spent on the physical 
infrastructure of Internet 2. Nevertheless we
were presented with some good insight into 
future directions of the Internet. 

* * *


Telephony over IP 

Presented by Stephen Kingham, CSIRO 

Tuesday, 28 March 2000, 12pm - 1pm
Flentje lecture theatre 
Plaza Building 
The University of Adelaide 

The second seminar, on the topic of Telephony 
over IP, was presented by Stephen Kingham 
from CSIRO (apparently, although I thought I 
saw Don Robertson written on the blackboard so 
my humble apologies if I got it wrong!) 

The good news is it's all surprisingly easy! 

Normally your telephone is connected to your 
company PBX, which places the call using the 
public telephone network (PSTN). With VoIP your
PABX is connected to a "Voice over IP" gateway, 
which looks almost like another PABX or like a 
telephone line. On the PABX side the gateway 
looks like ISDN; on the internet side it uses 
H.323 (the standard for voice over IP.) When you 
wish to make a call the PABX passes your call to 
the VoIP gateway which connects to a gateway 
"at the other end", which makes a (presumably) 
local call to complete the circuit (or delivers it to
a local extension.) Calls can also be placed to "IP 
telephones", for example Microsoft Netmeeting. 

If the gateway cannot place the call the PABX 
falls back to the usual (expensive) PSTN. 

Software called "Gatekeeper" translates a 
telephone number into an IP address. This is 
analogous to the DNS which translates a domain 
name into an IP address, but unlike the DNS, 
which must be manually configured, you can 
connect to your local Gatekeeper and it knows 
that's where you are. I gathered that Gatekeeper 
is not quite "production ready", and that static 
routes are also used. 

Each voice call is sampled at 64Kbps and 
compressed using G.some number, which 
standard describes the compression of speech. 
This compresses speech to a bit rate of 8Kbps. 
Allowing for system overheads, each call actually 
consumes 26Kbps! I think the protocol sends 
60 bytes of data per packet, and when you add 
UDP headers, and IP frames, the overheads
greatly exceed the amount of data! [It's ironic 
that the argument against IP on ATM is the 
penalty of splitting IP datagrams into lots of little 
ATM cells.] On slow links (less than 2Mbps) 
further compression is used which brings the 
bandwidth down to 13Kbps. I remember the 
number 5Kbps being bandied around, too, but I 
don't recall how. 

VoIP requires data to be delivered quickly and 
reliably. If the packets are delivered in less than 
200ms the quality is about the same as for the 
normal telephone network. Delays up to 600ms 
(I wish I wrote these numbers down) are like 
talking over a satellite link; you need to talk, 
then pause to let the other person talk. When 
you add up how long it takes to convert speech 
to data, and so on and so forth, until it gets to
the other end, the total time is about 90ms plus 
trip time, which just about makes VoIP to USA 
workable. 

If the packets cannot be delivered quickly, 
there's no point delivering them at all. VoIP 
uses the IP Type of Service field to identify the 
voice data so that routers can give them high 
priority. Only authorised hosts are permitted to 
set the TOS and the gateways strip these bits 
from IP headers from unauthorised hosts. 
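
The gateway behaviour described above, sketched as an added example (not code from the talk, AARNet or any vendor): a packet from an unauthorised source has its priority bits cleared and its IPv4 header checksum recomputed, while an authorised source's marking passes through. The allow-list, the addresses and the function names are assumptions made for the illustration; a source address can be forged, so a deployed gateway would normally decide by ingress port rather than by address alone.

```python
import ipaddress
import struct

# Assumption for this example: hosts allowed to mark their own traffic,
# identified by source address (constructed documentation-range addresses).
AUTHORISED_SOURCES = [ipaddress.ip_network("192.0.2.16/28")]

# Upper six bits of the TOS byte carry the priority marking (DSCP in current
# terminology); the low two bits, now used for ECN, are left alone.
PRIORITY_MASK = 0xFC


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, tos: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 packet (protocol 17, UDP) for the demonstration."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, tos, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )
    checksum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def is_authorised(src) -> bool:
    """True if the source address is on the (hypothetical) marking allow-list."""
    return any(src in net for net in AUTHORISED_SOURCES)


def sanitise_tos(packet: bytes) -> bytes:
    """Return the packet with priority bits cleared unless the source may set them."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    header = bytearray(packet[:header_len])
    # A valid header sums to zero with its checksum field included; never
    # rewrite (and thereby "repair") a header that arrived corrupted.
    if ipv4_checksum(bytes(header)) != 0:
        raise ValueError("header checksum mismatch")
    src = ipaddress.ip_address(bytes(header[12:16]))
    if is_authorised(src) or header[1] & PRIORITY_MASK == 0:
        return packet
    header[1] &= ~PRIORITY_MASK & 0xFF
    header[10:12] = b"\x00\x00"          # checksum is computed over a zeroed field
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + packet[header_len:]


if __name__ == "__main__":
    voice = b"\x00" * 60                  # constructed 60-byte payload
    for src in ("192.0.2.20", "198.51.100.7"):
        before = build_packet(src, "203.0.113.5", 0xB8, voice)
        after = sanitise_tos(before)
        print(src, "TOS in: 0x%02x" % before[1], "TOS out: 0x%02x" % after[1])
```
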

There are issues relating to network 
performance, and if the network is too busy to 
handle the call it should be rejected (and the
PABX should fall back to the expensive PSTN
line.) This is apparently another "work in
progress" issue, the final solution to which is
still being worked out.

AARNet is using this service now. It supports 
voice and fax. Fax works by using DSP (digital 
signal processors) to decode the fax signal and 
turn it back to data; the data is sent through the 
network and turned back into "fax" at the other 
end. Modem calls are not supported (although
there is no reason why they couldn't be handled 
the same way fax is) and neither is ISDN video. 
[Pooh!] 

One lovely benefit is end-to-end Q.sig, which the 
government has been unsuccessfully trying to 
get carriers to support for years. Suppose you 
try to call somebody and they are on a call. 
Q.sig allows you to dial a code and hang up, and 
when their call completes your telephone rings. 
When you pick it up their telephone rings and 
you are thus connected to them. This feature is 
available on PABXs, but it's not available over 
the PSTN. VoIP gives you this ability end to end. 

Billing is really easy. A billing system was 
written in Perth, and we were told the URL,
http://timtam.aarnet.edu.au. The system 
currently handles thousands of calls per day. 
Long distance calls using VoIP cost around 
1/10th of a cent per minute; much cheaper than
the PSTN. 



Tellurian Pty Ltd

Come to us if you need seriously capable people to help with your
computer systems. We're very good at what we do.

• Unix, Macintosh and Windows experts
• Legacy system re-engineering and integration
• System management and support
• Internet access

Our two current major projects:

• Support and development of an integrated environment covering
applications running on IBM3090, DEC Alpha, SCO Unix and Nortel
switches. Just imagine the cost benefits of supporting over 500
concurrent users on four little 486 and Pentium PCs.

• From the ground-up implementation of MFC and Windows API on Apple
Macintosh. We've got our client's Windows MFC application running,
bug-for-bug, on Apple Macintosh.

Tellurian Pty Ltd
272 Prospect Road
Prospect SA 5082
(08) 8408 9600
www.tellurian.com.au
sales@tellurian.com.au
Welcome to LinuxSA's and AUUG's installfest!


What is an installfest? Well, an installfest is where members of the local Linux community come together 
and offer their time and expertise to help you install and configure Linux on your computer. 

In addition to helping you install Linux we'll also be helping those of you who already have Linux installed, 
but need help configuring something - whether that be peer-to-peer networking, dialup internet access, 
Linux-to-Windows connectivity, or just getting Quake III running well! 

Perhaps you don't know what the fuss about Linux is all about. Feel free to come along and have a look 
(why not bring your machine - you might change your mind and want Linux for yourself! :-) You can check 
out some of the following on-line resources to find out what Linux actually is and to learn more about what 
makes it great! 

So come along, bring your computer, join us for a slice of pizza and get Linux installed and running 
smoothly on your computer. Join the growing crowd of people who won't accept software that sucks. 


When, Where and What?

The installfest will be held on Saturday July 15th at 31 York Street, Adelaide. We'll be opening the doors 
to the public at 10am and we won't start any new installations after 4pm. 

Where is 31 York Street? Well, going down Rundle Street, you'll find Bent Street (just between Ngapartji 
and the Austral Hotel). Half-way down Bent Street you'll find a laneway called York Street. There is an 
Anima Gallery sign clearly visible, under which is a door into a room which contains a lift. Taking the lift to 
the second floor, you'll find us there on the left! Think you'll get lost? Then have a look at some photos 
[http://siash.dotat.org/~newton/instaiifest/] with directions showing you how to get there. 

There's plenty of parking available in either the Hungry Jacks Car Park or the Target carpark across the 
road, and there will be volunteers in York Street directing traffic and helping people unload their 
machines. There may be an announcement concerning parking - so watch this space for further 
details. 

What will we be installing? As our very generous sponsors Red Hat and TurboLinux are donating CDs, 
we will preferably be installing these Linux distributions. If you want something else, we certainly will have 
other Linux distributions available (as well as FreeBSD, another open-source operating system), but if 
you are new to Linux, we recommend either of these two distributions since they are easy to use, very 
stable and able to be supported by the LinuxSA community. 


Requirements

Before the day you'll need to do the following: 

■ Make sure you have at least 400Mb of disk space free for Linux. If you want to keep your pre-existing
Windows installation, that's ok, we can set up your computer so you can dual-boot between the two
OSes, but you should defragment your hard drive under Windows before you come to save some
time.

■ Backup your data - particularly if you can't afford to lose it.

■ Register [http://www.linuxsa.org.au/meetings/installfest2000/register.php3]. You should
let us know that you're coming.

■ Label everything that you're going to bring with you - that way there's no confusion about what
belongs to who.

You need to bring the following with you:

■ Your PC - only 486s and later please :-) We can install on Sun SPARCstations, DEC Alphas and
Apple Macintoshes as well - but you'll need to forewarn us if you intend bringing any of these.

■ Your monitor & modem - after all, if you want everything to work at home, let's make sure it works
here before you leave.

■ Other devices - mice, keyboards, scanners, printers, anything you want working under Linux.

■ Cables - we can't possibly provide all possible cables and connections, so bring your own. Perhaps
put them all in a box with your name on the side and bring that. Bringing your own powerboard is a
good thing to do.


Cost 


Zip. Zero. Squat. Absolutely nothing. We'll be installing only open source software that is freely
redistributable, so there's no cost to you for the software.

We'll also have refreshments on offer (including pizza :-) for a reasonable cost. There will also be 
merchandise such as non-free software, books, Linux merchandise etc. for sale on the day by various 
retailers. 


Sponsors 


Even though the software we'll be installing is itself free, there are costs associated with running an event 
like this. 


LinuxSA gratefully acknowledges the generous assistance given by the following organisations, without 
which this event could not take place: 



Red Hat
www.redhat.com

Internode Professional Access
www.internode.on.net

TurboLinux
www.turbolinux.com.au

www.tellurian.com.au

www.netcraft.com.au


Want more information? 


Check out the LinuxSA Installfest website: 

www.linuxsa.org.au/meetings/installfest2000 
Review:

Probes, Logs and 
Things That Go 
Bump in the Night 

Daniel Baldoni 
dbaldoni@iinetnet.au 

[Editor’s Note: our thanks to Daniel for giving us
permission to publish his review in AUUGN.]

This month the WA chapters of AUUG and 
SAGE-AU got together with PLUG (the Perth 
Linux Users' Group) to hold a special meeting. 
We were fortunate enough to have David Conran 
from AusCERT (the Australian Computer 
Emergency Response Team) give us a talk 
entitled "Probes, Logs and Things That Go Bump 
in the Night". 

* * *


The first question David covered was: 

What is a probe? 

He described it as: 

■ a "knock on the door" or "rattling of the
windows" of your firewall;
■ a precursor to being hacked;
■ a good indication that the source site (of the
probe) has been compromised

and

■ costing you bandwidth.


How often do they happen? 

Apparently, this can depend on: 

■ how big your site is;
■ how large your DNS is (check who you allow
zone transfers to);
■ how visible your site is; and
■ whether or not you're unlucky enough to be
the default settings in some program.


David then told us that only about 1 in 
1,000,000 IPs scanned are ever reported. 


[Author's note: Having a particular interest in 
computer and network security, I've seen this 
type of behaviour before but I was still surprised 
at the scale of the failure to report.]


How often are the probes successful? 

David said that if you're checking your logs, 
then you're probably okay. Back to statistics ... 
about 8% of compromises are reported. 


At this point, David was asked how they 
(AusCERT) "knew" these numbers were 
accurate. His response was "from the logs of 
compromised sites". When other (either 
"upstream" or "downstream") sites were 
contacted, note is taken of who had been 
compromised and whether or not they had 
reported the fact. He then went on to emphasise 
that these statistics are only for Australia and 
that AusCERT considers them to be very 
optimistic. 


Okay, so who's doing the probing? 

David listed a number of groups: 

■ "script kiddies": Children (as young as
pre-teens) who have a point-and-click program
and they get a '#' prompt at the end of the
process. They have no idea what it is
they've done or what they now have access
to.

■ "chat room groupies": People who use ICQ or
IRC (or whatever) and like to wage war over
something said in a chat-room.

■ "suits": Those who are deliberately (and
professionally) engaged in this type of action
(can you say "corporate espionage"?).

■ Broken devices and programs, or devices
and programs with bad default settings. As
David indicated, we've all seen print servers
or SNMP agents which like to "discover" the
entire Internet address space.

■ Governments attacking other governments.
All that was said on this point was, "yes,
we've seen it happen".


So, why don't people report these probes 
when they happen? 

The reasons given were: 

■ too much effort

■ so many

■ don't know what to do about them

■ we don't look at the logs

■ what's the point?

■ somebody else will


Okay, given all those "perfectly valid" 
reasons, why should network probes be 
reported? 

■ It lets other sites know; they may have been
compromised as nobody is going to try
breaking into a site from their own. This
may be how you discover you've been
compromised!

■ No-one else will (just read the previous list!).

■ Was it just your site? You don't know if it
was part of a larger scan. If the source site
gets 20 reports from 20 different sites,
they're far more likely to take it seriously
than if they only get one.

■ It may be something new, meaning you may
be the first to have detected it.

■ Tracing back allows cleanup of other
affected sites.

■ It may help in a legal case. A large number
of reports destroys the "I did it by accident"
defense.

■ It may help agencies get funding or other
resources to deal with this type of crime.


How can these probes be detected? 

Obviously, through firewall and system logs. 

Also, check logs for things like "TCP wrappers"
(e.g. tcpd, tcp_wrapper). David then stressed the
need to keep your logs synchronised and your
various systems' times accurate. Then,
combining some of your logs when analysing
them may highlight attacks you weren't aware
of. The example David gave was combining your
firewall logs with your sendmail logs ... if you
suddenly see mail failures one minute after
noting a probe in your firewall logs, some kind of
attack was made. He also pointed out that
automated checking can be very useful,
particularly if you have large logs.
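
The firewall/sendmail correlation described above, as an added example (not code from the talk or from AusCERT): both logs are converted to UTC before comparison, because the two hosts here log in different time zones. The log lines, host names, addresses and the two-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs; addresses come from documentation ranges.
# Assumption: the firewall clock runs on UTC+8, the mail server on UTC+10.
FIREWALL_LOG = """\
Jun 12 02:14:07 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4021 192.0.2.10:111
Jun 12 02:14:09 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4022 192.0.2.10:23
Jun 12 09:30:00 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:1045 192.0.2.10:143
"""
MAIL_LOG = """\
Jun 12 04:14:55 mail sendmail[812]: CAA00812: ruleset=check_rcpt, relay=[203.0.113.9], reject=550 Relaying denied
Jun 12 04:15:30 mail sendmail[815]: CAA00815: ruleset=check_rcpt, relay=[192.0.2.200], reject=550 Relaying denied
Jun 12 06:00:00 mail sendmail[900]: DAA00900: to=<fred@example.org>, stat=Sent
Jun 12 08:00:00 mail sendmail[950]: EAA00950: ruleset=check_rcpt, relay=[198.51.100.5], reject=550 Relaying denied
"""

SYSLOG_RE = re.compile(r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
PROBE_RE = re.compile(r"DENY \S+ PROTO=\d+ (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+)")
FAIL_RE = re.compile(r"reject=|stat=(?!Sent)")
RELAY_RE = re.compile(r"relay=[^,\[]*\[(?P<ip>[\d.]+)\]")


def parse_syslog(text, year, utc_offset_hours):
    """Yield (utc_time, message). Syslog stamps carry neither year nor zone,
    so both must be supplied per host; this is why clocks need to agree."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            local = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
            yield local.replace(tzinfo=tz).astimezone(timezone.utc), m["msg"]


def probes(text, year, offset):
    """Denied packets from the firewall log as (utc_time, source_ip, dest_port)."""
    found = []
    for when, msg in parse_syslog(text, year, offset):
        m = PROBE_RE.search(msg)
        if m:
            found.append((when, m["src"], int(m["dport"])))
    return sorted(found, key=lambda p: p[0])


def mail_failures(text, year, offset):
    """Rejected or failed sendmail entries as (utc_time, relay_ip_or_None)."""
    found = []
    for when, msg in parse_syslog(text, year, offset):
        if FAIL_RE.search(msg):
            m = RELAY_RE.search(msg)
            found.append((when, m["ip"] if m else None))
    return sorted(found, key=lambda f: f[0])


def correlate(probe_list, failure_list, window=timedelta(minutes=2)):
    """Pair each mail failure with the nearest probe seen up to `window` earlier."""
    hits = []
    for f_time, relay in failure_list:
        earlier = [p for p in probe_list if timedelta(0) <= f_time - p[0] <= window]
        if earlier:
            p_time, src, dport = earlier[-1]
            hits.append({"probe_utc": p_time, "probe_src": src, "probe_port": dport,
                         "failure_utc": f_time,
                         "gap_seconds": int((f_time - p_time).total_seconds()),
                         "same_source": relay == src})
    return hits


if __name__ == "__main__":
    for hit in correlate(probes(FIREWALL_LOG, 2000, 8), mail_failures(MAIL_LOG, 2000, 10)):
        print(hit)
```

Run with both offsets set to 0 and the same data yields no matches, which is the practical cost of unsynchronised or unlabelled clocks.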

So you've decided to report a probe; how do 
you go about it? 

The first thing David stressed was to contact the 
right person. Also, be polite when dealing with 
them. Remember that they may be madly 
running around trying to clean up a 
compromised system (consider how you'd be 
feeling if you were in their situation). Provide 
them with clear and concise data, complete with 
your time zone and the date of the probe (as 
they may not get around to handling your query 
for a couple of days). Also, provide them with 
contact information so that they can check this 
isn't just a hoax "call". Finally, you could 
partially automate the process by using a
pre-generated form letter. Or, you could go for a
fully automated system which examines your 
logs, and automatically fires off an appropriate 
message to the site(s) concerned. 

As mentioned above, it's important to contact 
the right person at the source site. But, who is 
that? You could try the "standard" addresses of 
root, postmaster (required by RFC 822) or abuse 
(required for ISPs) at the appropriate domain. 
You could also scan the relevant organisation's 
website as they may have a designated security 
contact. The whois database contains Technical 
and Administrative Contacts for every domain.
These may be out of date but the indicated 
people should know who the currently relevant 
person is (and how to contact them). Next, 
check the SOA field in the site's DNS as it 
should provide a contact email address for 
network-related issues. Finally, report it to the 
CERT team in the area of the source site; they 
may even be able to translate for you if 
necessary. 


Why report it to CERT? 


■ People take notice if an external
organisation is making an investigation.

■ CERT sees other reports and can let a site
know that this is not an isolated incident
(again, this is more likely to induce action).

■ They have experience in this and know how
to take it further.

■ They can provide more evidence and "clout"
in follow-up action.

■ CERT have a larger scope of activities; they
can see the "overall picture", which allows them
the benefit of strategic planning.

■ They produce alerts and advisories to the
"general populace".

■ It reduces your workload as they do the
work of investigating (or "chasing down") the
incident - but only if you're a member.

■ It makes you feel good as you're helping out.


At this point, one of the attendees asked why the 
advisories were so late (in comparison to 
information avenues like "bugtraq"). David then
described AusCERT's need to thoroughly verify 
any reports made to them. As they're a trusted 
source of information, they must be seen to 
produce accurate synopses of and, where 
possible, "cures" for the problems reported to 
them. This often requires them to deal with 
hardware or software vendors (for patches, 
upgrade information, etc.) and this can lead to 
delays. 


Fine, so you've decided to report a probe; 
how do you report it to AusCERT? 

The e-mail address you should use is 
probe@auscert.org.au. When reporting probes, 
David requested that you:

■ use the source's IP address rather than
FQDN as it avoids the "it wasn't us - it's
probably a spoof" response;

■ provide a separate report for each source IP
address;

■ don't send your entire firewall logs in a
single message, but break them up based on
source IP address;

■ cc: the message to the offending site;

■ use a good subject: line (e.g. avoid things
like "FYI");

■ send logs in plain text (screen dumps of logs
aren't too useful) and in English;

■ keep messages short and the most useful
information at the start of each message (so
readers don't have to wade through logs to
find a synopsis of the situation); and

■ provide updated information if and when it
becomes available.

He also asked that you indicate whether or not 
any of the information you have provided can be 
passed on or must be kept confidential. By 
default, everything sent to AusCERT is 
considered confidential and won't be passed on. 
However, it may prove helpful if some parts of 
the information (e.g. logs with IP addresses 
masked out), can be passed along to other 
authorities. 
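
One way to follow these reporting guidelines automatically, as an added example (not AusCERT's tooling): it splits a firewall log by source IP address and builds one short plain-text report per source, synopsis first, with the time zone, a contact, a handling statement and optional masking of your own addresses. The log lines, the `192.0.2.` prefix, the contact address and the report layout are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed ipchains-style firewall log; addresses are documentation ranges.
LOG = """\
Jun 12 02:14:07 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4021 192.0.2.10:111
Jun 12 02:14:09 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4022 192.0.2.11:111
Jun 12 02:14:12 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4023 192.0.2.12:23
Jun 12 09:30:00 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:1045 192.0.2.10:143
"""

LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*DENY \S+ PROTO=\d+ "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+)")


def mask_own(line, own_prefix):
    """Replace the host part of our own addresses so the extract can be passed on."""
    return re.sub(r"(?<![\d.])" + re.escape(own_prefix) + r"\d+", own_prefix + "x", line)


def build_reports(log_text, year, tz_label, contact, may_forward, own_prefix=None):
    """Return {source_ip: {"subject": ..., "body": ...}}, one report per source IP."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            by_src[m["src"]].append((m, line))

    reports = {}
    for src, entries in by_src.items():
        ports = ", ".join(str(p) for p in sorted({int(m["dport"]) for m, _ in entries}))
        hosts = {m["dst"] for m, _ in entries}
        first, last = entries[0][0]["stamp"], entries[-1][0]["stamp"]
        # A subject line that says what, from where and when (not "FYI").
        subject = (f"Probe from {src}: {len(entries)} denied connections, "
                   f"ports {ports}, {first} {year} {tz_label}")
        handling = ("may be passed on to other sites" if may_forward
                    else "is confidential and must not be passed on")
        extract = [ln if own_prefix is None else mask_own(ln, own_prefix)
                   for _, ln in entries]
        body = "\n".join([
            # Synopsis first, so the reader need not wade through the log.
            f"Source IP:  {src}",
            f"Summary:    {len(entries)} denied connection attempts to "
            f"{len(hosts)} of our hosts, ports {ports}",
            f"When:       {first} to {last} {year}, all times {tz_label}",
            f"Contact:    {contact}",
            f"Handling:   this report {handling}",
            "",
            "Log extract (plain text, this source address only):",
            *extract,
        ])
        reports[src] = {"subject": subject, "body": body}
    return reports


if __name__ == "__main__":
    out = build_reports(LOG, 2000, "UTC+0800", "security@example.org",
                        may_forward=True, own_prefix="192.0.2.")
    for report in out.values():
        print("Subject:", report["subject"])
        print(report["body"], end="\n\n")
```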
Now that AusCERT has your reports, what do
they do with them?

The reports are tracked and correlated (which 
helps in locating patterns of attack and in the 
development of that strategic planning 
mentioned earlier). They can then take it further 
with police and other organisations both in 
Australia and overseas. 

If you have a situation which is more serious 
than "just a probe", you can e-mail the details to 
auscert@auscert.org.au. If the problem is 
"really serious", you should PGP encrypt the 
message (AusCERT's key is available from their 
website). 


Now, back to the statistics. 

In March 2000, almost 700 incidents were 
reported. 580 of these were network probes and 
about 50% of those indicated that sites had been 
compromised. Approximately 337 sites in 
Australia were compromised during that month 
(or, about 11 were compromised each day). 
Extrapolating from our earlier statistics (these 
are only reported numbers), 580,000,000 sites 
were probed during the month of March. David 
pointed out that this equates to every IP address 
being scanned every 4 days. 


Finally, how can you protect yourself from 
these probes? 

David gave a list of AusCERT's "top 10" targets 
for March. These were, in order: 

1. portmapper 

2. WWW - php, phf, etc. 

3. telnet 

4. NetBIOS 

5. 8080 and other proxies 

6. IMAP 

7. POP3 

8. POP2 

9. TCP 3128 (Squid) 

10. DNS 


You should also follow these general rules: 

1. Keep your systems and filters up-to-date. 

2. Install a firewall and use egress filtering (to 
keep information inside your own network 
and to prevent you from becoming a 
"default-based prober"). 

3. Implement host-based security to provide an 
additional layer of protection between you 
and the attacker. 

4. Monitor your logs and report on them. 

5. Keep yourself up-to-date with security 
related issues. 

6. Don't become complacent. 


Lastly, David introduced his "rule of 9s". 


If you have a firewall, you’re probably 90% 
secure. If you also have host-based security, 
you're probably 99% secure. If you have also 
been applying system and software patches, 
then you're probably 99.9% secure. At 99.9% 
secure, and approximately 600 incidents per 
month, you will probably have a security 
incident every two months. 

This evening was the first in what the various 
WA chapter committees hope will be a series of 
such seminars. To those of you who couldn't 
make it to this one, we hope to see you at a 
future event. 


Red Hat Asia-Pacific


Training Courses for Australia 

Be recognised as a guru in just 5 days - add a feather to 
your hat with Red Hat’s Certified Engineer Course. 


Open-source software is revolutionising 
the technology industry. Red Hat is the 
world’s #1 distributor of Linux - the 
world’s fastest-growing OS. With 15 
million users and climbing, Linux is 
gaining momentum and mindshare at an 
unprecedented rate. 

Join the revolution and fast-track your 
career with our 5-day RH300 Red Hat 
Certified Engineer (RHCE) course. If 
you’re a UNIX or Linux-experienced user, 
a networking specialist, a systems 
integrator, or a system administrator, this is 
the course for you. This intensive training 
programme will reward you with a formal 
Red Hat Certification for the skills you 
have gained. The course comprises four
days of extensive hands-on training followed by a 1-day
certification exam. If you think you have
the right stuff you can even just enquire 
about our exam-only option. 

You’ll be challenged by hands-on labs, 
exercises and daily quizzes. You’ll learn 
all about Red Hat Linux on your own 
workstation, and will be provided with 
materials, study aids, handouts and a
pre-assessment questionnaire. A catered lunch
will be provided every day, and you’ll look 
sharp in your own Red Hat Cap. 

And if you’re an AUUG member, you’ll 
automatically receive a $200 discount. 

What you’ll learn: 

How to install and configure Red Hat
Linux, plus an understanding of hardware
limitations. You'll be able to configure
basic networking and file systems, the X
Window System and basic security, along
with setting up common network (IP)
services and carrying out basic diagnostics
and troubleshooting. Plus you'll be able to
perform essential Red Hat Linux system
administration.

What others will recognise in you 

You'll be recognised anywhere in the world
as having passed one of the toughest 
certification courses around. You’ll be 
recognised as having the skills to get the 
job done. Join the ranks of the many 
Australians who have already been 
certified. 

Prerequisites for RH300 

Other Red Hat Training Courses or 
equivalent experience with UNIX, 
LAN/WAN fundamentals, Internetworking 
with TCP/IP, knowledge or experience 
setting up NFS, HTTP, DNS, FTP, NIS, 
DHCP and other networking services, 
along with security. For a complete list of 
prerequisites, see the Prerequisites for 
RH300 . 

And it doesn’t hurt to have a desire to be 
associated with some of the brightest 
minds in the world. And penguins. 

How to Register 

Check out the form on the 
next page for dates and 
locations that suit you, fill in 
the form and fax/post to us 
today to kick off the next 
stage in your career. 





Australian Training Registration Form - Special AUUG Offer 

To register for a training course, please print and complete this form, and fax it to (07) 3257 4800. Send original 
form and/or purchase order to: Red Hat Asia-Pacific, Suite 141, 45 Cribb St. Milton QLD 4064 
Registration in a class is only complete when we receive a signed company purchase order, credit card reference 
or other direct payment. Make cheques payable to “Red Hat Asia-Pacific” 

Attendee Details 

Name:_ Title:_ 

Company:_ 

Address:_ 

_Postcode:_ 

Telephone:_Fax:_ 

E-Mail:_ 

AUUG Membership # (required for discount, otherwise add $200):_ 

□ Please include me on your mailing list for future support, training, product and service
offerings

Select Preferred Course & Date - All courses are RHCE (RHCE)

□ Brisbane April 10 - April 14   □ Brisbane May 15 - May 19

□ Sydney March 27 - March 31   □ Sydney May 8 - May 12   □ Sydney May 29 - June 2

□ Canberra May 1 - May 5   □ Canberra May 22 - May 26

□ Melbourne April 3 - April 7   □ Melbourne May 1 - May 5   □ Melbourne May 29 - June 2

□ Adelaide April 10 - April 14   □ Adelaide May 22 - May 26

□ Perth March 27 - March 31   □ Perth May 29 - June 2

*Courses will be held in a near-CBD location in each city (TBA). If more than one
attendee, please write in number; otherwise tick box.

Payment Information - RHCE (RH300) AUD$3195 (normally $3395) 

□ I attach an official company purchase order   □ I attach a cheque for payment in full

□ Please charge my credit card (details below)

Card Type: □ Visa □ Mastercard □ Bankcard □ American Express □ Diners Club

Card Number:___ Expiry: / 

Cardholder Name:___ 

I confirm that I have read and understood course prerequisite details posted at http://www.redhat.com/products/training prereq.html . Red 
Hat Asia-Pacific reserves the right to cancel or reschedule courses. By supplying my AUUG membership number I understand that I will 
receive a $200 discount off of the standard course price of $3,395.00. 

Authorised Signature:___ 

Name:_Date:_ 





The 2000 annual John Lions' student award 
for work in the area of open systems. 


The John Lions award has been instituted to recognise the leading role that John Lions played in bringing 
UNIX to Australia, the formation of AUUG, and the promotion of the values held by the open systems 
community. 

After Ken Thompson and Dennis Ritchie published a paper "The Unix Time-Sharing System" in May 1974, 
John Lions decided to base his Operating Systems course around understanding the source code. In 
addition to that, he founded AUUG as a group of computer scientists who had a common interest in the 
UNIX Operating System. 

Today AUUG has members throughout Australia from industry, commerce, and education and works to 
promote the benefits of open architectures and standards compliance in languages, operating systems, 
networks, and applications. AUUG focuses on the latest developments in open systems by the exchange of 
ideas and solutions through local chapters, the annual conference, local chapter conferences, and its 
journal. 


Requirements: 


• The award is for a full time student at an Australian University.

• The award is for an in-progress or recently completed honours or postgraduate thesis in the
area of UNIX and open systems. The judges will be looking for things like interesting uses of
open systems technology, contribution to understanding of open systems, programs, tools or
knowledge about UNIX and open systems.

• The award is judged on the basis of an approximately one page or 500-word description of the
work. The evaluation committee may wish to interview students on the short list for the prize
and possibly see a demonstration of the work so far completed.

• The evaluation committee will consist of at least 3 AUUG members, at least one of whom
belongs to the AUUG national executive, and optionally a representative from another
organisation.

• The decision of the evaluation committee is final and the committee reserves the right to not
award the prize if a suitable entry has not been submitted.

Final date for receipt of entries is 5pm Friday 28th July 2000 


The prize consists of: 


• A cash prize of $1000

• One year's membership of AUUG

• Announcement of the prize at the main AUUG conference and in AUUGN (the AUUG Journal)

• A certificate

• The winner's name inscribed on a permanent awards board, displayed in the AUUG office and
at the main conference


What sort of work might qualify 



The work will be focussed on software which relates to computer communications, networks, operating 
systems, or similar. If you are not sure whether your work may qualify, mail: 

Lions_Award@auug.org.au 

Entries may be submitted by email to Lions_Award@auug.org.au or by post to: 

John Lions Student Award 

AUUG 

PO Box 366 

KENSINGTON NSW 2033 
My Home Network

Frank Crawford
frank@crawford.emu.id.au


I have a confession to make: not everything I plan
for this column is yet in my home network. For
example, last issue I wrote that I would be talking
about security and securing your network at
home. My plan was to install a number of
security items in my home network before I wrote
the column and then describe them.
Unfortunately, I haven't had any time over the last
few months to do so.

On the other hand it is fortunate I didn't, because
one of the key components I was to describe is
Linux IPChains, which I have set up in a very
basic fashion. However, this is about to be
replaced by NetFilter, an all round better package,
when Linux 2.4 is released. While Linux 2.4 may
not be out by AUUG2K, Paul "Rusty" Russell, the
Linux Kernel IP Firewall Maintainer and developer
of NetFilter, will be running a tutorial. As well,
Darren Reed, the author of IPFilter, used on most
other free Unixes, is also a Keynote speaker.

Anyway, on to what this column is about, and the
real reason my home network exists: the
applications my family are running. Like users in
any environment, they expect every application
they have seen to work without any idea of what is
behind it, and like any network anywhere, the
major application is email.

My children have e-pals, and regularly
communicate with them. But since we have a
number of machines within the house, they need
to be able to access their mail from any one of these
machines.

This means that the central server, bits, is also
the mail server for my home. As I've described in
a previous column, all mail is delivered to it, and
mail headers are rewritten to appear to come from
this machine. Once the mail is delivered to the
family's separate mail boxes (yes, everyone has
their own mail box) it is necessary for them to be
able to read it from any other machine. Every
user needs an account on the mail server.

The traditional way to do this was using a client
(or MUA - Mail User Agent) that supported the
POP or Post Office Protocol to download each item
to the user's computer. A better mechanism now
available is to use IMAP or the Internet Message
Access Protocol, which allows the mail to stay on
the remote server and only downloads a temporary
copy. IMAP also allows the creation and
manipulation of multiple folders on the mail server
as well as the deletion of mail items no longer
required.

To support this, the mail server needs to run a
daemon that supports IMAP (currently IMAP4 or
IMAP version 4) and optionally POP. While this is
in most modern mail systems, on Unix and Linux,
for small environments it is most commonly
supported by imapd and popd. These were
developed at the University of Washington (along
with pine) and are available in the imap RPM for
RedHat. You do need to make sure that you have
the latest version, and keep up to date, as
numerous security problems have been found
within imapd and have subsequently been fixed.

The installation of imapd and related items is
simple, as they run out of inetd, the main
network services daemon. All you need is to add a
line to /etc/inetd.conf of the form:

    imap stream tcp nowait root /usr/sbin/tcpd imapd

which is usually in the standard inetd.conf, but
commented out anyway. (Note this also includes
the use of TCP Wrappers, a security feature.) You
then need to restart inetd either with a killall
-HUP inetd or by rebooting the system.

Just as an aside, while IMAP defines access to a
mail box, most MUAs use normal SMTP for
sending out mail. This is then handled by
sendmail, again running on the mail server to
send a mail item off to its destination. This means
that there is no additional configuration needed to
send mail out.

Once the mail server is configured, the next thing
needed is to configure the client side or MUA.
Unix has a number of different mail clients that
can handle IMAP, including pine, mutt and
Netscape Mail. However, in my case, the
preference is for that tool of the evil empire (:-))
Outlook Express. It runs fine on both the
Windows 98 and Macintosh systems in the house
and provides a simple, convenient interface for
everyone to use.

Of course Outlook Express doesn't always suit me,
so at times I run mutt or even standard Linux
mail. While mail can't understand IMAP, it does
understand NFS (or at least the systems do), so I
have exported /var/spool/mail from my mail
server to the other Linux systems in the house. It
works fine for a small network, although for a
much bigger installation, I wouldn't suggest it
(even if it is widely used).


The configuration you need to set up your mail
client is as follows (translate it to the relevant MUA):

    Protocol:    IMAP (or IMAP4) (port 143)
    IMAP Host:   mailhost.your.domain
    SMTP Host:   mailhost.your.domain
    Login id:    youracct
    Email addr:  youracct@your.domain
    Mailbox:     INBOX (i.e. your default system mailbox)


One other item that may come up is that IMAP
can be run over SSL and even has its own port
(tcp/993); however, imapd doesn't support this in
any native fashion. You may be able to hack it in,
but in a home network environment it is probably
overkill. The only case I can see for its use is if
you intend to dial into your home network from
elsewhere. I hope to offer a better solution in a
later column (this involves the use of an IPSec
connection such as FreeS/WAN with Road Warrior
support).
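
The inetd.conf entry given earlier in this column starts imapd through tcpd, and the paragraph above notes that imapd serves plain IMAP rather than the SSL port. As an added example (not the author's code), the following audits inetd.conf text and lists which enabled services bypass TCP Wrappers and which mail-access services run unencrypted; the sample file content and the set of service names are constructed assumptions.

```python
import os

# Constructed inetd.conf content for illustration (not the author's file).
INETD_CONF = """\
# service socktype proto wait user server args
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd        ipop3d
imap    stream  tcp  nowait  root  /usr/sbin/tcpd        imapd
echo    stream  tcp  nowait  root  internal
bogus   stream  tcp
"""

# Mail-access services whose sessions are not encrypted on the wire
# (service names as they commonly appear in /etc/services).
CLEARTEXT_MAIL = {"imap", "imap2", "pop-3", "pop3", "pop-2", "pop2"}


def audit_inetd(text):
    """Classify inetd.conf entries.

    enabled        services inetd will start
    disabled       commented-out service lines
    unwrapped      enabled services whose server program is not tcpd
    cleartext_mail enabled IMAP/POP services (keep these on the home LAN)
    malformed      line numbers with fewer than the six required fields
    """
    report = {"enabled": [], "disabled": [], "unwrapped": [],
              "cleartext_mail": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            fields = line.lstrip("#").split()
            # A disabled entry still has the shape of a service line.
            if len(fields) >= 6 and fields[1] in ("stream", "dgram"):
                report["disabled"].append(fields[0])
            continue
        fields = line.split()
        if len(fields) < 6:
            report["malformed"].append(lineno)
            continue
        service, server = fields[0], fields[5]
        report["enabled"].append(service)
        # "internal" services are handled inside inetd and cannot be wrapped.
        if server != "internal" and os.path.basename(server) != "tcpd":
            report["unwrapped"].append(service)
        if service in CLEARTEXT_MAIL:
            report["cleartext_mail"].append(service)
    return report


if __name__ == "__main__":
    for key, value in audit_inetd(INETD_CONF).items():
        print(f"{key}: {value}")
```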

A couple of other tips I can offer in setting up mail 
clients for home. You need to be fairly liberal with 
the use of aliases. In my case, while most of the 
family have logins that come from their initials, I 
have added aliases in the system for their first 
name as well. There is even one for the dog 
(although one of the children reads that one). The
use of these aliases makes it much simpler for
their friends to remember and gets around the
Unix limit of a maximum of 8 characters in a user
name.

Finally, one other important point, especially with 
the spread of things like the LoveLetter Worm, you 
need to ensure that you keep your virus software 
up to date, and teach all your family to be careful 
of strange mail items. If we start teaching 
children to do it now, maybe things will be much 
safer in the future. 

Anyway, that is all for this column, let me know of 
any great ideas you have for your home network, 
or need anything clarified for this or any previous 
column and I’ll see you at AUUG2K. 



Press Release 

OpenBSD 2.7


Source: OpenBSD http://www.OpenBSD.org/

June 15, 2000

Calgary, Canada — OpenBSD announces release 
2.7 of the "Secure by Default" operating system for 
Internet servers and workstations. OpenBSD 2.7 
significantly enhances the built-in strong 
cryptography with the OpenSSH suite to support 
the SSH 1 and 2 secure communication protocols 
and drivers for hardware accelerators for IPSec 
VPNs. 

"OpenBSD's principal goal of security and stability 
is NETSEC's basis for using it as foundation of our 
managed security solution," stated Todd Waskelis, 
NETSEC Vice President. "We've even funded the 
development efforts of the hardware crypto
support in OpenBSD 2.7, which allows us to
deliver high bandwidth VPN connections
cost-effectively to our clients, and as a bonus, anyone
can do it themselves since the code is free". 

OpenBSD’s cryptography has been further 
enhanced by encrypting virtual memory swap 
space, and by more flexible ISAKMPD key 
exchange and operating modes for IP Security 
networking. OpenBSD completely avoids the US 
export controls on cryptography because it is 
published in Canada with cryptographic software 
developed entirely outside the USA. Support for 
SSH1 and HTTPS secure protocols depends on the 
RSA public key algorithm patented in the USA. 
Users worldwide may use the OpenSSL free library
while those in the USA must use the
non-commercial RSAREF library to abide by the
patent.

"This is the last release where we have to worry 
about the RSA patent since it expires on 
September 21", says project leader Theo de Raadt. 
"RSA is the premier key exchange algorithm and 
this patent has held a greater stranglehold on 
cryptographic operations than any government 
policy". 

OpenBSD's SSH support is done with the free 
OpenSSH suite also developed by OpenBSD team 
members. The suite has been ported to other 
systems and is rapidly gaining in popularity. 

OpenBSD 2.7 improves support for high end 
system boards, SCSI controllers, ethernet 
interfaces, and adds gigabit ethernet drivers and 
IPv6 networking. There are over 500 pre-compiled 
application packages ready to install, and most 
Linux binaries run without recompiling thanks to 
the emulation system. 

OpenBSD is free software, released under a 
Berkeley-style open source license. It is developed 
by a team of Internet volunteers, based on UC 
Berkeley's 4.4BSD-Lite. OpenBSD runs on PCs, 
SPARC, Mac68K and other hardware. All 
development is funded by donations and the sale 
of CD-ROMs and T-shirts. Commercial support is 
available from third party contractors and 
companies. 

OpenBSD on the Web: 

http://www.OpenBSD.org/ 


What's new in OpenBSD 2.7:

http://www.OpenBSD.org/27.html


About OpenSSH:

http://www.OpenSSH.com/

What they say about OpenBSD:

http://www.OpenBSD.org/press.html
http://www.OpenBSD.org/testimonials.html


Commercial Support: 

http://www.OpenBSD.org/support.html 
New from Digital Press

an imprint of Butterworth-Heinemann

ESSENTIAL LINUX (with CD-ROM included)
Steve Heath

Essential Linux addresses and provides the essential information for getting a Linux system up and running, 
looking after it, and using it. It includes many screen shots and examples of essential commands and utilities. This 
book focuses on practical installations, such as converting IBM PCs, transferring data from Windows and MS-DOS 
and running Linux in conjunction with Windows. CD Rom included. 

Contents: Inside Linux * Installing Linux * Linux commands * bash shell scripts * tcsh shell scripts * Editors * System 
Administration * Linux Networking * Installing XFree86 * If the command does not work.. 

ISBN 1 55558 177 3 : 250pp : PB : 1997 : ARRP $80.00 : MEMBER PRICE $64.00




UNIX FOR OPEN VMS USERS 2ed Richard Holstein, Joseph McMullen & Philip Bourne 

This book is for users who are making the transition from OpenVMS to UNIX and provides a comprehensive 
comparison of commands and utilities. Working into practical examples, the book shows simple daily tasks that 
map one-for-one from OpenVMS to UNIX. 

Contents include: Introductory File Management * Editing * Communicating with Other Readers * Monitoring & Utilizing 
System Resources * Devices, Queues, & Background Processing * Processor-to-Processor Communications 

ISBN 1 55558 155 2 : 400pp : PB : 1999 : ARRP $80.00 : MEMBER PRICE $64.00



DIGITAL UNIX SYSTEM ADMINISTRATOR’S GUIDE 


Matthew Cheek 


Digital UNIX System Administrator’s Guide is the first book to address Digital UNIX system administration from an 
experienced administrator’s point of view. Every topic covered is specific to Digital UNIX, serving as a valuable 
reference guide for experienced UNIX system administrators who are new to Digital UNIX. 

Contents: Introduction * Installation * System Configuration * User Accounts and Security * Services and Resources * 
Networking* Performance, Tuning and Recovery * Troubleshooting * Appendices 

ISBN 1 55558 199 4 : 350pp : PB : 1998 : ARRP $78.05 : MEMBER PRICE $63.95


TRU64 UNIX FILE SYSTEMS ADMINISTRATION HANDBOOK 


Steve Hancock 


“Tru64 UNIX” is the new name Compaq has given the Digital UNIX operating system. This unique and authoritative 
book helps systems administrators and other technical professionals understand and master perhaps the most 
critical part of Tru64 UNIX - the file system by which the operating system stores and manipulates all of the 
information that enables both it and other applications to function. Tru64 UNIX File Systems Administration 
Handbook covers all of the newest and most advanced Tru64 UNIX features, including Compaq’s TruCluster 
technology, which enables organizations to grow their systems by integrating many individual computers. 

Contents include: Storage and Device Management * UNIX File Systems Architecture * Logical Storage Manager * UNIX 
File System * Advanced File System * Network File System * Appendices * Glossary 

ISBN 1 55558 227 3 : 352pp : PB : December 1999 : ARRP $75.00 : MEMBER PRICE $60.00


Special Offer for AUUG Members! Receive 20% discount on this order form. 


Order form: Please supply the following

Qty  ISBN           Title                            Retail Price  Member Price

_    1 55558 177 3  Essential Linux                  $80.00        $64.00

_    1 55558 155 2  UNIX for Open VMS Users          $80.00        $64.00

_    1 55558 199 4  Digital UNIX System Admin Guide  $78.05        $63.95

_    1 55558 227 3  Tru64 UNIX                       $75.00        $60.00

Please add $10.00 Postage and Handling to order total

Payment options:

Please find attached □ cheque for $ .. OR □ charge my:

□ Bankcard □ Visa □ Mastercard □ AMEX □ Diners

Card No: _  Expiry: _

Name on card: _

Signature: _

Customer details:

Name: ...

Address: ...

Suburb/Town: ... State: ... P/Code: ...

Tel: ... Fax: ...

Email: ...

BUTTERWORTH-HEINEMANN

To order, please return this form to

Freepost: Butterworth-Heinemann Australia
Reply Paid 1160, PO Box 251, Port Melbourne Vic 3207

Telephone: 03 9245 7188 Fax: 03 9245 7577

Email: bhau.marketing@reededucation.com.au

NB: All credit card payments will be processed immediately on receipt of order



















The Open 
Source Lucky Dip 

Con Zymaris 
conz@cyber.com.au 

Welcome back. 

Doubtless you are reading this on your way to (or 
from) AUUG2k. Hope it was a blast for you and 
your colleagues. 

Let's dive straight into this edition's tools and news
items, fresh from the open source mosh-pit.

* * *


Customer: "Can you copy the Internet for me on
this diskette?"

* * *


PHP 4.0 Released! 

PHP, a personal favorite amongst web-scripting
technologies, has just hit version 4.0. Developed
several years ago by Rasmus Lerdorf, PHP can
now boast usage in over 1 million web-domains. It
is easy to use, powerful, multiplatform, fast and of
course, open source. PHP 4.0 brings several nifty
front-end features to the user community, but
most of the goodies are in its new Zend back-end
engine. The PHP developer mailing lists have
boasted of anything up to a 10-fold performance
increase with this new version. To download
binaries for *BSD, Linux et al, visit:

http://www.php.net/

* * *

InterBase 6.0 Open Source Release Imminent 

InterBase, the fully-featured SQL engine from 
Inprise/Borland, is set to be released in open 
source format. InterBase sports all the capabilities 
a web-database developer will likely need, and has 
a solid reputation and following. People who have 
been using databases like MySQL and PostgreSQL 
in particular will want to check InterBase out. 
InterBase is available at: 

http://www.interbase.com/ 

^ ^ ^ 


Bluefish: GUI HTML Editor 

Bluefish is an HTML editor for Linux which is 
designed to give programmers and experienced 
webmasters power and flexibility, but still provide 
an intuitive graphical interface. Features include: 
multi-file editing, multiple toolbars, custom 
menus, image and thumbnail dialogs, open 
content directly from the web, CSS dialogs, PHP, 
SSI and RXML support, HTML validation and a heap 
of wizards. This new version allows for much 
faster highlighting, a new, very powerful 
search-and-replace engine (allowing regular expressions), 
more logical menus, more HTML features, more 
translations into your local language, and a lot of 
bugfixes. Bluefish is released under the GPL and 
can be downloaded at: 

http://bluefish.openoffice.nl/ 

Make HTML coding easier with Bluefish 

^ ^ ^ 


Bill Gates (Chief Bloatware Architect): How the hell 
did you get into my mansion? I spent three 
million dollars on barbed wire fences, guard dogs, 
crocodile-filled moats, automatic machine guns, and 
highly-trained body guards to keep you Linux 
freaks off my property! 

- Humorix's take on posing the 'break-up' question 
to Bill Gates 

^ ^ ^ 

Wine 1.0: Windows Apps Running on Linux 

After what appears to have been an extremely long 
gestation period, Wine 1.0 is rumoured to be 
nearing release. Launched as a project to create a 
free re-implementation of the core Win16 and 
Win32 API under platforms such as Linux and 
FreeBSD, Wine has seen rapid improvement in 
recent months. Wine allows users to run their 
favourite Windows apps under Linux. Wine also 
allows developers to compile their Windows apps 
from source, into Linux apps. This, in effect, is 
what Corel has done with their recent release of 
WordPerfect Office 2000 for Linux. By using (and 
contributing to) Wine development, they have 
been able to recompile their whole Windows-based 
WordPerfect Office applications suite under Linux 
with minimal re-coding. This allows developers a 
single source base. More information on Wine 1.0 
can be found at: 

http://www.winehq.com/ 

^ ^ ^ 

Bastille Linux: Batten down the hatches. 

Security and functionality should be the basis of 
operations on the Internet. Too many people 
eschew security, which is the reason for the large 
number of cracker break-ins which occur. One way 
to bolster security at your site is to use a 
hardened OS, such as Bastille Linux. According to 
its creators, Bastille aims to be the most 
comprehensive, flexible, and educational Security 
Hardening Program for Red Hat Linux 6.0/6.1. 
Virtually every task it performs is optional, 
providing immense flexibility. This new version 
has the ability to be installed on non-virgin 
systems, can be run multiple times, is undoable, 
and includes a log-only mode. 

Check out the homepage at: 

http://bastille-linux.sourceforge.net/ 

^ ^ ^ 


"There are two major products that come out of 
Berkeley: LSD and UNIX. We don't believe this to be 
a coincidence.” 

^ ^ ^ 


Stop VBScript/MS-Outlook Virii with Vbs 

The recent spate of damaging, widespread and 
infamous virii (Lovebug et al.) are not 'Internet 
virii', but 'MS-Outlook virii'. These virii will not 
damage Linux, Unix or MacOS based systems, 
just Win32-based systems running MS-Outlook as 
the mail user agent (MUA). The Internet should 
not be blamed for a single vendor's poor default 
security settings, nor should end-users be in 
constant fear of receiving email with damaging 
content. Vbs is here to help. Developed by Theo 
Nolte and released as GPL open source, Vbs is a 
mail-filter to make attachments un-executable. It 
works by replacing the dot in the filename 
extension of critical attachments with a tilde, so 
that MUAs won't recognize those attachments 
anymore as executable. It is implemented as a 
wrapper for the delivery agent. Get Vbs from: 

http://adsl-noltel.rz.rwth-aachen.de/progs/vbs/ 
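
The dot-to-tilde renaming described above, as an added example in Python; it is not Vbs's own code, which this page does not show. The extension list, the function names and the sample message are assumptions constructed for illustration, and the example also rewrites the name= parameter of Content-Type, which the item above does not mention.

```python
"""Rename risky attachments by replacing the extension dot with a tilde."""
import email
import sys
from email.utils import collapse_rfc2231_value

# Assumed list of "critical" extensions; the page does not give Vbs's own list.
RISKY_EXTENSIONS = {
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "shs", "scr",
    "pif", "exe", "com", "bat", "cmd", "hta", "lnk",
}

# A MIME part can name its file in either header, and mail clients differ in
# which one they trust, so each is checked and rewritten on its own.
NAME_PARAMS = (("Content-Disposition", "filename"), ("Content-Type", "name"))


def defang_name(name):
    """Replace the last dot with '~' when the extension is on the risky list."""
    # Windows ignores trailing dots and spaces, so "x.vbs. " still opens as .vbs.
    trimmed = name.rstrip(" .")
    stem, dot, ext = trimmed.rpartition(".")
    if dot and ext.lower() in RISKY_EXTENSIONS:
        return stem + "~" + ext
    return name


def defang_message(raw_bytes):
    """Return (rewritten message bytes, list of (old, new) names that changed)."""
    msg = email.message_from_bytes(raw_bytes)
    renamed = []
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 parameters arrive as (charset, language, value) tuples.
            old = collapse_rfc2231_value(value)
            new = defang_name(old)
            if new == old:
                continue
            charset = None if new.isascii() else "utf-8"
            part.set_param(param, new, header=header, charset=charset,
                           replace=True)
            renamed.append((old, new))
    return msg.as_bytes(), renamed


# Constructed sample: one double-extension script, one part whose two headers
# disagree about the file name, and one harmless attachment.
SAMPLE = b"""\
From: sender@example.org
To: user@example.org
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See attached.
--XYZ
Content-Type: application/octet-stream; name="notes.TXT.vbs"
Content-Disposition: attachment; filename="notes.TXT.vbs"

placeholder
--XYZ
Content-Type: application/octet-stream; name="holiday.PIF"
Content-Disposition: attachment; filename="holiday.jpg"

placeholder
--XYZ
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

placeholder
--XYZ--
"""

if __name__ == "__main__":
    # Filter mode: message on stdin, rewritten message on stdout, so the
    # script can sit in front of a delivery agent in a pipeline.
    out, changes = defang_message(sys.stdin.buffer.read())
    sys.stdout.buffer.write(out)
    for old_name, new_name in changes:
        print("renamed %r -> %r" % (old_name, new_name), file=sys.stderr)
```

Only the advertised name changes; the attachment body is delivered untouched, so a recipient who renames the file back can still open it.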


Gini 1.0 

If you want to get your hands on some working 
Jini code for distributed computing applications, 
have a look at this GPL project. Developed at UC 
Berkeley, Gini is a light-weight Jini clone. Gini has 
its own remote method invocation framework. 
According to the author, Gini has the ability to 
generate bytecode for remote object proxies on the 
fly, so there's no need to use RMIC. Network 
service discovery is simple, using UDP broadcasts. 
Check out the homepage at: 

http://www.xcf.berkeley.edu/~yaroslav/gini 


If you have any experiences 
using Linux that you would 
like to share with other 
AUUGN readers, drop us a 
line at: 

auugn@auug.org.au 
We’d love to hear from you! 
OpenBSD Merchandise For Sale 

AUUG Inc has a limited amount of CD-ROMs and T-shirts from the OpenBSD project available for 
sale to members. To order, please fill in the form below, then send it, with payment, to: 

AUUG Inc. 

PO Box 366 
Kensington, NSW, 2033 

or fax your order (credit card payment only) to (02) 8824 9522. Queries: call Liz Carroll on 1800 625 
655. 

Orders will be dispatched by express post after payment is confirmed. Orders will be processed in 
order of receipt, so it is important to include a contact number so that if we have run out of what you 
want, we can work out a substitute or refund. 

AUUG Inc. OpenBSD Merchandise Order Form 


Name: 

Address: 


City: 

Phone Number: 
Email: 


State: 


Postcode 


ITEM                                          SIZE  QTY  PRICE   TOTAL

OpenBSD 2.5 CD-ROMs                           n/a        $45.00  $

OpenBSD 2.5 T-shirt                           L          $25.00  $
                                              XL         $25.00  $
                                              XXL        $25.00  $

"So long and thanks for all the passwords"
Blowfish T-shirt (C code on back)             L          $25.00  $
                                              XL         $25.00  $
                                              XXL        $25.00  $

Wire Frame design - black background          L          $25.00  $
                                              XL         $25.00  $
                                              XXL        $25.00  $

Wire Frame design - navy blue background      L          $25.00  $
                                              XL         $25.00  $
                                              XXL        $25.00  $

Wire Frame design - dark green background     L          $25.00  $
                                              XL         $25.00  $

Postage and handling (per order)              n/a   1    $10.00  $10.00

GRAND TOTAL:                                                     $


Payment by: □ Cheque (enclosed) 

□ Bankcard □ Mastercard □ Visa 


Card Number:_ 

Name on card: _ 

Expiry: _/_ Signature: 






AUUG Corporate 
Members 

as at 28 April 2000 

• Andersen Consulting 
• ANI Manufacturing Group 
• ANSTO 
• Australian Bureau of Statistics 
• Australian Centre for Remote Sensing (ACRES) 
• Australian Geological Survey Organisation 
• Australian Industry Group 
• Australian National University 
• Australian Taxation Office 
• Australian Water Technologies P/L 
• Barwon Water 
• BHP Information Technology 
• British Aerospace Australia 
• Bunnings Building Supplies 
• Burdett Buckeridge Young Ltd. 
• Bureau of Meteorology 
• Bureau of Rural Sciences 
• C.I.S.R.A. 
• Camtech 
• Cape Grim B.A.P.S. 
• Central Queensland University 
• Centrelink 
• CITEC 
• Comcare Australia 
• Commercial Dynamics 
• Computer Science, Australian Defence Force Academy 
• Computing Services 
• Corinthian Engineering Pty. Ltd. 
• Corporate Express Australia Limited 
• Crane Distribution Limited 
• CSC Australia Pty. Ltd. 
• CSC Financial Services Group 
• CSIRO Manufacturing Science and Technology 
• Curtin University of Technology 
• Cyberscience Corporation Pty. Ltd. 
• Cybersource Pty. Ltd. 
• Daimler Chrysler Australia - Pacific 
• Dawn Technologies 
• Deakin University 
• Defence Housing Authority 
• Department of Communications and the Arts 
• Department of Defence 
• Department of Defence (T2 Section) 
• Department of Defence (TC Section) 
• Department of Environment & Natural Resources 
• Department of Environment, Heritage & Aboriginal Affairs 
• Department of Land & Water Conservation 
• Deutsche Bank 
• Energex 
• Environmental Resources Information Network (ERIN) 
• Financial Network Services 
• Fremantle Port Authority 
• G.James Australia Pty. Ltd. 
• Great Barrier Reef Marine Park Authority 
• HIH Insurance 
• HIH Winterthur 
• Information Technology Consultants 
• IP Australia 
• IT Services Centre, ADFA 
• Land Information Centre 
• Land Titles Office 
• Macquarie University 
• Mercantile Mutual Holdings 
• Motorola Australia Software Centre 
• Multibase WebAustralis Pty Limited 
• Namadgi Systems Pty Ltd 
• Nokia Australia 
• NRMA Information Ltd. 
• NSW Agriculture 
• NSW Public Works & Services, Information Services 
• Peter Harding & Associates Pty. Ltd. 
• Philips Broadband Network 
• Platinum Technology Solutions 
• Powerhouse Museum 
• Primary Industries & Energy 
• Qantas Information Technology 
• QLD Department of Education 
• QLD Department of Education, Information Systems Services Branch 
• Queensland University of Technology 
• Rinbina Pty. Ltd. 
• SCO 
• Security Mailing Services Pty Ltd 
• Snowy Mountains Authority 
• Softway Pty. Ltd. 
• Southern Cross University 
• St. John of God Health Care Inc. 
• St. Vincent's Private Hospital 
• Stallion Technologies Pty. Ltd. 
• Standards Australia 
• State Library of Victoria 
• Storage Technology of Australia 
• Sun Microsystems (Australia) Pty Ltd 
• TAB Queensland Limited 
• Technix Consulting Group Pty Ltd 
• The Fulcrum Consulting Group 
• The University of Western Australia 
• The Walter & Eliza Hall Institute 
• Tower Technology Pty. Ltd. 
• Universities Admissions Centre Pty Ltd 
• University Computing Services, Stirling Highway 
• University of Adelaide 
• University of Melbourne 
• University of New South Wales 
• University of Queensland 
• University of Sydney 
• University of Technology, Sydney 
• Victoria University of Technology 
• Westrail 
• Workcover Queensland 
173 Elizabeth St, Brisbane Queensland 4000 

Ph: (07) 3229 4677 Fax: (07) 3221 2171 Qld Country Freecall: 1800 177 395 
americanjbookstore@CompuServe.com 

Name: _  Date: _ 

Address: ___ 

_  Post Code: _ 

Phone Number: __ 

Payment Method: □ Cheque □ Money Order □ Amex □ Bankcard 

□ Diners □ Mastercard □ Visa 

Card Number: _ 

Expiry Date: _  Signature: _ 

This is a: □ Special Order □ Mail Order □ Book on Hold 

QUANTITY TITLE PRICE 


SUBTOTAL $ 
LESS 10% DISCOUNT $ 
POST & PACK $ 
TOTAL $ 


POSTAGE AND HANDLING FEES: 1 BOOK $6.00 2-4 BOOKS $7.00 

BOOKS OVER $70.00 WE WILL SEND CERTIFIED - PLEASE ADD ANOTHER $1.50 OR WAIVE 
CERTIFIED DELIVERY. 


FOR SPECIAL ORDERS, PLEASE ENCLOSE $10.00 PER BOOK AS A DEPOSIT. 















Unix Traps and Tricks 

Jerry Vochteloo 
jerry@socs.uts.edu.au 


Welcome again to Unix Traps and Tricks. It seems that there are plenty of people out there who don't 
want to see the demise of this column. Thanks for all of your suggestions and contributions, please keep 
them coming. 

One of the suggestions was that this column cover some of the "basics", hence if anyone would like to 
write a short tutorial on some tricky facet of UNIX (doesn't that cover everything), that would be greatly 
appreciated. 

Here are contributions from Greg Rose and Graham Jenkins. 

Jerry 

jerry@socs.uts.edu.au 


^ ^ ^ 


Xargs 

Greg Rose 
ggr@qualcomm.com 

I think xargs is one of the most under-used utilities. It takes a list of filenames and applies a command to 
them, where the list can be arbitrarily long. (Once upon a time, this was important, because systems 
limited how many characters of arguments could be passed to one command; xargs would take care of 
that for you, executing multiple commands if necessary. Now, under good systems you don't have a limit, 
and under bad systems you pretty much have to type them, so it isn't so important.) These days, of 
course, you can get the same effect by using backquotes in the shell, but I'm showing my age. 

Another useful one, in the same style, is the -l flag to grep. This tells it that all you really want is the 
filenames where there is a match in the file, so you can subsequently do something with them. Just what 
you need to use with xargs, or for that matter with backquotes! I have a little shell script which I call vi 
for "vi a list": 

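#!/bin/ksh 
# First argument is the pattern; any remaining arguments are the files to search. 
P="$1" 
shift 
# Ignore case when searching; map N to "next file, then repeat the search". 
# (^M stands for a literal carriage return, typed in vi as Ctrl-V Ctrl-M.) 
BASEEXINIT="$BASEEXINIT|set ic|map N :n!^Mn" export BASEEXINIT 
# Edit every file containing the pattern, defaulting to *.[chf] when no files are given. 
vi "+/$P" `grep -i -l "$P" ${*:-*.[chf]}` 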


(Wow. Remind me one day to write about all the custom vi macros I use. My scripts grow over time, as I 
find new features I want to put in them.) 

Here's the two line version: 

P="$1"; shift 
vi `grep -l "$P" "$@"` 


Basically, it separates out the pattern argument, then edits all files that match that pattern. Wonderful 
for editing all source files that reference a variable, call a particular function, etc. 

Anyway, a minute ago, I needed to find a mobile phone number for a person, and I was sure I had it in 
email from that person. I archive email using Rand mail, which stores each item in a separate file. So I 
wanted to search for all files which mentioned the person's name, and then (in *only* those files) look for 
occurrences of the pattern mobile | cellular | cellphone. 

This came out quite naturally, as: 

find Mail -print | xargs grep -li <person> | xargs grep -i "<whatever>" 


Now, it is possible to do that in POSIX shells without using xargs, but I can never remember how to nest 
backquotes. (It's $(cmd), in case you were wondering, but I find the pipeline form to be more intuitive, and 
would use it anyway.) 

I never did find the phone number, but it made me write this. 

^ ^ ^ 


Printing Without Spooling 

Graham Jenkins 
grahjenk@aul.ibm.com 


A few weeks back, I had a need to send postscript output to a non-postscript printer. Not a problem - 
just use the ghostscript program as shown in the following System V print filter. 

#!/bin/ksh 
# @(#)netibmgsaGS  Ghostscript interface for postscript/text files. 
#                  Graham Jenkins, IBM GSA, February 2000. 
#                  Last modified: 05/03/2000 
# Typical 'lpadmin' command (where BSD printer 'graham_S' previously defined): 
#   lpadmin -p graham -v /dev/null -m netibmgsaGS -I any -T PS \ 
#           -o dest=PJL 
#   (or -o stty=PJL for Solaris 2.5) 
# 
# Note: Omit PJL switch for LaserJet 2d/3d. 

# Set up redirection of stderr, set trap for disable/cancel 
export PATH=/bin:/usr/bin:/usr/lib:/usr/ucb 
export LD_LIBRARY_PATH=/usr/openwin/lib:/usr/lib 
Log=/usr/spool/lp/logs/lpsched ; [ -w $Log ] || Log=/dev/null ; exec 2>>$Log 
trap "trap 15; kill -15 0; exit 0" 15 

# Extract number of copies, etc. 
Copies=$4; Options=$5; Du= ; Ra= 
shift; shift; shift; shift; shift 
for Option in $Options ; do 
  case "$Option" in 
    # The printed listing also pipes this value through 'tr -d'; the argument 
    # to tr is not legible in this copy, so that stage is left out here. 
    dest*|stty* ) Swit="`echo \"$Option\" |nawk -F= '{print $2}'`" ;; 
    d*|D*       ) Du=Y ;;                        # Duplex 
    r*|R*       ) Ra=Y ;;                        # Raw 
  esac 
done 

# Use postscript or text filter for each file, pass output to 'slave' printer; 
# ghostscript version is compiled so 'laserjet' device prints duplex-mode. 
Count=1 
( while [ $Count -le $Copies ] ; do 
    for File in $* ; do 
      if [ "$Ra" = Y ] ; then 
        cat $File 
      else 
        [ "$Swit" = PJL ] && echo "\033%-12345X@PJL ENTER LANGUAGE=PCL\n\r\c" 
        echo "\033E\033&l1X\c" 
        if file $File | grep -i postscript >/dev/null 2>&1 ; then 
          [ "$Du" = Y ] && De=laserjet || De=ljetplus 
          /usr/local/bin/gs \ 
            -sDEVICE=$De -q -sOutputFile=- -dNOPAUSE $File -c quit 
        else 
          [ "$Du" = Y ] && echo "\033&l1S\c" || echo "\033&l0S\c" 
          echo "\033&l26A\033&k2G\033&l1o5.00c66F\033(s11.80H\c" 
          cat $File 
        fi 
        [ "$Swit" = PJL ] && echo "\033E\033%-12345X\c" 
      fi 
    done 
    Count=`expr $Count + 1` 
  done ) | lp -d `basename $0`_S >/dev/null 2>&1        # CHANGE-THIS-LINE 
exit 0 


This program worked well in a test environment - but exhibited 'full-file-system' problems in production - 
because it can produce and spool some output files which (due to the ghostscript conversion) are much 
larger than their corresponding input files. 

The immediate solution was to change the lp -d ... line near the filter program end to read instead: 
done ) | /usr/local/bin/hpnpout3 `basename $0` >/dev/null 2>&1 

At the same time, I dispensed with the slave-printer definition for `basename $0`_S - and created an entry 
in /etc/hosts for `basename $0`. 

The hpnpout3 program is a simple executable for HP network printers which pipes its standard input to 
tcp port 9100. It can be called with a parameter which allows alternate ports to be used so as to enable 
its use with 3-port Jetdirect devices. I can supply a copy to anyone who emails me a request. 

In fact, this solution also works for more recent Lexmark printer interfaces, and probably for some others 
too. But I started to think about what one could do if the destination printer would only accept BSD lpd 
requests. 

One solution available with more recent versions of Solaris would be to use the netpr program - which 
sends a designated file directly to a nominated printer at a remote address using the lpd protocol. Even if 
you have netpr - you may still have a problem - because you have to place your full output file somewhere 
before you call netpr. 

Why, I asked myself, would netpr not accept standard input? The answer lies in the lpd protocol itself as 
defined in RFC 1179. This specifies that each file sent within a Job should be preceded by a block in 
which its length is declared. It actually allows declaration of a zero length for a file whose length is 
unknown - but this capability doesn't seem to have been incorporated in too many implementations. 

Jobs sent to a simple device, such as a Jetdirect - which ignores control-file content and prints data-files 
blindly - can have the data file length set to a large value. But such jobs will be rejected by more 
intelligent print servers. 

My eventual solution was to break a print-job from standard input into a number of data files, and send 
them sequentially within the same job. The source code appears hereunder: 

/* bsdprint2.c   Send input stream to BSD print queue on remote machine; by 
 *               splitting stream into finite-length data files. 
 *               Developed by Graham Jenkins at IBM GSA during March 2000. 
 * Reference:    RFC 1179. 
 * Compilation:  cc -O -lnsl -lsocket bsdprint.c 
 * Installation: Requires SUID root privileges for port access. 
 * Last revised: 16/03/2000. 
 */ 
#define DFILES 832   /* Maximum number of data files (52-832) */ 
#define FSIZE 2048   /* Maximum number of blocks in data file (512-8192) */ 
#define BSIZE 8192   /* Block size (bytes) (512-8192) */ 
#define MIN(x,y) ( ((x) < (y)) ? (x) : (y) ) 
#include <sys/types.h> 
#include <sys/socket.h> 
#include <netinet/in.h> 
#include <netdb.h> 
#include <stdio.h> 
#include <stdlib.h> 
#include <string.h> 
#include <unistd.h> 

/* Send a block; exit if it could not all be sent */ 
int send_chk( int fd, char *buffer, int bytes, char *comment ) { 
  if( send(fd, buffer, bytes, 0) < bytes) { 
    fprintf(stderr, "Send/check failed: %s\n", comment); 
    exit (1); 
  } 
  return (0); 
} 

/* Send a block, then wait for the one-byte acknowledgement from the server */ 
int send_ack( int fd, char *buffer, int bytes, char *comment ) { 
  char status; 
  if( (send(fd, buffer, bytes, 0) < bytes) || 
      (recv(fd, &status, 1, 0) < 1) ) { 
    fprintf(stderr, "Send/acknowledge failed: %s\n", comment); 
    exit (1); 
  } 
  return (0); 
} 

int main(int argc, char *argv[]) { 
  int   fd, nbytes, fileno, start, sent, bytesleft, j, totalfiles; 
  int   offset=-1, port=731; 
  char  localhost[32], filename[64], sequence[64]; 
  char  buffer[BSIZE]; 
  char  alpha1[]="defghijklmonpqrs"; 
  char  alpha3[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmonpqrstuvwxyz"; 
  char* filebuffer; 
  char* version="@(#) bsdprint2 1.05 16/03/2000 Graham Jenkins"; 
  struct sockaddr_in addr; 
  struct hostent *hostaddr; 

  /* Usage check */ 
  if ( ( argc == 3 ) && ( strcmp(argv[1],"-v") != 0 ) )      offset = 0; 
  else if ( ( argc == 4 ) && ( strcmp(argv[1],"-v") == 0 ) ) offset = 1; 
  else { 
    fprintf(stderr, "Usage: %s [-v] host printer\n", argv[0] ); 
    exit(2); 
  } 

  /* Extract and check 'host' parameter */ 
  if ((hostaddr = gethostbyname(argv[offset + 1])) == NULL) { 
    fprintf(stderr, "Unable to locate host: %s\n", argv[offset + 1]); 
    exit (1); 
  } 

  /* Allocate file buffer */ 
  if ( (filebuffer = (char *) malloc(FSIZE * BSIZE * sizeof(char))) == NULL ) { 
    fprintf(stderr, "Unable to allocate buffer: %d bytes\n", FSIZE * BSIZE ); 
    exit (1); 
  } 

  /* Connect, using source port 721-731, destination port 515 */ 
  memset(&addr, 0, sizeof(addr)); 
  memcpy(&(addr.sin_addr), hostaddr->h_addr, hostaddr->h_length); 
  addr.sin_family = hostaddr->h_addrtype; 
  addr.sin_port = htons(515); 
  setuid(0); 
  for (;;) { 
    while ( (fd = rresvport(&port)) < 0 ) { 
      if( offset ) fprintf(stderr, "Failed to reserve port: %u\n", port); 
      port--; 
      if ( port < 721 ) port = 731; 
      sleep(2); 
    } 
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) break; 
    if( offset ) fprintf(stderr, "Failed connection to port: 515\n"); 
    close(fd);            /* a closed socket cannot be retried: reserve again */ 
    sleep(2); 
  } 

  /* Send command sequence "Receive a Printer Job" */ 
  /* snprintf: the printer name comes from argv and must not overrun buffer */ 
  snprintf( buffer, sizeof(buffer), "\002%s\n", argv[offset + 2]); 
  send_ack( fd, buffer, strlen(buffer), "Receive-print-job"); 
  gethostname(localhost, sizeof(localhost)); 
  localhost[31] = '\0'; 
  sprintf(sequence, "%03.3d%s", getpid() % 1000, localhost); 

  /* Send data files */ 
  fileno=0; 
  while ( (nbytes = fread(filebuffer, 1, FSIZE * BSIZE, stdin) ) > 0) { 
    sprintf(filename,"%cf%c%s",alpha1[fileno/52],alpha3[fileno % 52],sequence); 
    sprintf( buffer, "\003%d %s\n", nbytes, filename ); 
    send_ack( fd, buffer, strlen(buffer), "Receive data-file"); 
    if( offset ) fprintf(stderr, "Sending data file: %s\n", filename); 
    start = 0; 
    bytesleft = nbytes; 
    while (bytesleft > 0 ) { 
      for(j = 0; j < (MIN(BSIZE,bytesleft)) ; j++ ) 
        buffer[j] = filebuffer[start + j]; 
      send_chk( fd, buffer, MIN(BSIZE,bytesleft), "Data-file block"); 
      sent = MIN(BSIZE,bytesleft); 
      start = start + sent; 
      bytesleft = bytesleft - sent; 
      if( offset) fprintf(stderr, "Sent: %u bytes Left: %u\n", sent, bytesleft); 
    } 
    send_ack( fd, "", 1, "Data-file");   /* zero octet marks end of data file */ 
    fileno++; 
    if( fileno >= ( MIN(DFILES,832) ) ) { 
      fprintf(stderr,"Max number of data files exceeded: %d\n",MIN(DFILES,832)); 
      exit (1); 
    } 
  } 

  /* Construct and send control file */ 
  totalfiles = fileno; 
  fileno = 0; 
  sprintf( buffer, "\002%d cfA%s\n", 
    (int)( strlen("H") + strlen(localhost) + strlen("\nPdaemon\n") + 
    totalfiles * 3 * ( strlen("ldfA") + strlen(sequence) + strlen("\n") ) ), 
    sequence ); 
  send_ack( fd, buffer, strlen(buffer), "Receive control-file"); 
  sprintf(buffer, "H%s\nPdaemon\n",localhost); 
  if( offset ) fprintf(stderr, "Sending control file: cfA%s\n", sequence ); 
  send_chk( fd, buffer, strlen(buffer), "Control-file block"); 
  for ( j=0 ; j < totalfiles ; j++ ) { 
    sprintf(filename,"%cf%c%s",alpha1[j/52],alpha3[j % 52],sequence); 
    sprintf(buffer, "l%s\nU%s\nN%s\n", filename, filename, filename); 
    if ( j < (totalfiles - 1) ) 
      send_chk( fd, buffer, strlen(buffer), "Control-file"); 
    else   /* last entry: also send the terminating zero octet, await ack */ 
      send_ack( fd, buffer, strlen(buffer) + 1, "Control-file"); 
  } 

  /* Wrap it up */ 
  close(fd); 
  exit(0); 
} 
AUUG Chapter Meetings 
and Contact Details 



LOCATION 

OTHER 

BRISBANE 

Inn on the Park 

507 Coronation Drive 

Toowong 

For further information, contact the QAUUG 
Executive Committee via email (qauug-exec@auug.org.au). 
The technologically deprived 
can contact Rick Stevenson on (07) 5578-8933. 

To subscribe to the QAUUG announcements 
mailing list, please send an e-mail message to: 
<majordomo@auug.org.au> containing the 

message "subscribe qauug <e-mail address>" in the 
e-mail body. 

CANBERRA 

Australian National University 


HOBART 

University of Tasmania 


MELBOURNE 

Various. For updated information 
see: 

http://www.vic.auug.org.au/auugvic/av_meetings.html 

The meetings alternate between Technical 
presentations in the odd numbered months and 
purely social occasions in the even numbered 
months. Some attempt is made to fit other AUUG 
activities into the schedule with minimum 
disruption. 

PERTH 

The Victoria League 

276 Onslow Road 

Shenton Park 

Meeting commences at 6.15pm 

SYDNEY 

The Wesley Centre 

Pitt Street 

Sydney 2000 



Up-to-date information is available by calling AUUG on 1800 625 655. 
Application for 
Institutional Membership 


Section A: MEMBER DETAILS 

contact holds the full member voting rights and two designated representatives will be given membership rates to AUUG 
^oi hapter In addition to the primary and two representatives, additional representatives can be included at a 
rate of $88 each. Please attach a separate sheet with details of all representatives to be included with your membership. 

NAME OF ORGANISATION: 

Primary Contact 

Surname 

First Name 

Title: 

Position 

Address 

Suburb 

State Postcode 

Telephone: Business 

Facsimile 

Email 

_ Local Chapter Preference 

Section B: MEMBERSHIP INFORMATION. 

Renewal/New Institutional Membership of AUUG □ $429.00 
(including Primary and Two Representatives) 

Surcharge for International Air Mail □ $132.00 

Additional Representatives Number □ @ $88.00 

Rates valid as at 1 March 2000. Memberships valid through to 30 June 2001 and include 10% GST. 

Section D: MAILING LISTS 

AUUG mailing lists are sometimes made available to vendors. Please 
indicate whether you wish your name to be included on these lists: 

□ Yes □ No 


Section C: PAYMENT 

Cheques to be made payable to AUUG Inc (Payment in Australian Dollars only) 

For all overseas applications, a bank draft drawn on an Australian bank is required. 
Please do not send purchase orders. 


Please debit my credit card for A$_ 


Section E: AGREEMENT 

I/We agree that this membership will be subject to rules and by-laws of AUUG as 
in force from time to time, and that this membership will run from time of 
joining/renewal until the end of the calendar or financial year. 

I/We understand that I/we will receive two copies of the AUUG newsletter, and 
may send two representatives to AUUG sponsored events at member rates, 
though I/we will have only one vote in AUUG elections, and other ballots as 
required. 


Name on Card __ 

Card Number __ 

Expiry Date_ 

Signature __ 

Please mail completed form with payment to: 

Reply Paid 66 

AUUG Membership Secretary 
PO Box 366 

KENSINGTON NSW 2033 



UNIX®AND OPEN SYSTEMS USERS 



AUUG Inc 
(02) 8824 9522 


Chq: bank _ 

A/C: _ 

Date: _ 

Initial: _ 

Membership #: 


AUUG Secretariat Use 


bsb _ 

# _ 

$ _ 

Date Processed: 


AUUG Inc 

PO Box 366, Kensington NSW 2033, Australia 

Tel: (02) 8824 9511 
Free Call: 1 800 625 655 
Fax: (02) 8824 9522 

email: auug@auug.org.au 

ACN A00 166 36N (incorporated in Victoria) 


http://www.auug.org.au 














AUUG Inc is the Australian UNIX and 
Open Systems User Group, providing 
users with relevant and practical 
information, services and education 
through co-operation among users. 



Technical Newsletter 


AUUG’s quarterly 
publication, keeping you 
up to date with the 
world of UNIX and 
open systems. 


Events . Events. . Events 

• Annual Conference & Exhibition 
• Overseas Speakers • Local Conferences 
• Roadshows • Monthly Meetings 


DISCOUNTS 

to all AUUG events and 
education. 

Reciprocal arrangements with 
overseas affiliates. 

Discounts with various 
internet service providers, 
software, publications and 


• Newsgroup 
aus.org.auug 


Education 

Tutorials 

Workshops 


Individual or Student Membership 


Section A: PERSONAL DETAILS 

Surname 

First Name 


Title: 

Position 


Organisation 

Address 

Suburb 

State 

Postcode 

Telephone: Business 

Private 


Facsimile: 

E-mail 


_ 

Section B: MEMBERSHIP INFORMATION 

Section F: PAYMENT 


Please indicate whether you require Student or Individual Membership by 
ticking the appropriate box. 

RENEWAL/NEW INDIVIDUAL MEMBERSHIP 


Renewal/New Membership of AUUG 

RENEWAL/NEW STUDENT MEMBERSHIP 

□ 

$110.00 

Renewal/New Membership of AUUG 
(Please complete Section C) 

□ 

$27.50 

SURCHARGE FOR INTERNATIONAL AIR MAIL 

□ 

$66.00 


Rates valid as at 1 March 2000. Memberships valid through to 30 June 2001 and include 10% GST. 

Section C: STUDENT MEMBER CERTIFICATION 

For those applying for Student Membership, this section is required to be 
completed by a member of the academic staff. 

I hereby certify that the applicant on this form is a full time student and that the 
following details are correct. 

NAME OF STUDENT: _ 

INSTITUTION: _ 

STUDENT NUMBER: _ 

SIGNED: _ 

NAME: _ 

TITLE: _ 

DATE: _ 

Section D: LOCAL CHAPTER PREFERENCE 

By default your closest local chapter will receive a percentage of your 
membership fee in support of local activities. Should you choose to elect another 
chapter to be the recipient please specify here: 


Section E: MAILING LISTS 


AUUG mailing lists are sometimes made available to vendors. Please indicate 
whether you wish your name to be included on these lists: 


□ Yes □ No 


Cheques to be made payable to AUUG Inc 
(Payment in Australian Dollars only) 

For all overseas applications, a bank draft drawn on an Australian bank 
is required. Please do not send purchase orders. 

-OR- 


□ 


Please debit my credit card for A$_ 


□ Bankcard 


□ Visa 


□ Mastercard 


Name on Card 
Card Number . 

Expiry Date_ 

Signature_ 


Please mail completed form with payment to: Or Fax to: 


Reply Paid 66 AUUG Inc 

AUUG Membership Secretary (02) 8824 9522 

PO Box 366 

KENSINGTON NSW 2033 
AUSTRALIA 


Section G: AGREEMENT 

I agree that this membership will be subject to rules and by-laws 
of AUUG as in force from time to time, and that this 
membership will run from time of joining/renewal until the end 
of the calendar or financial year. 


Signed:. 

Date: 


AUUG Secretariat Use 


Chq: bank _ bsb _ 

A/C: _ #_ 

Date: _ $ _ 

Initial: _ Date Processed: 

Membership #; _ 


more. 





















